Notified:  September 18, 2003 Updated: October 09, 2003

Status

Affected

Vendor Statement

CyberDOCS - Potential to Pass Harmful SQL Statements Via a Browser Request Problem: In CyberDOCS (versions 3.1 and 3.5.1), it is possible to pass a potentially harmful SQL statement to the system as part of the username/password string. Resolution: This issue does not occur in CyberDOCS 3.9 and later. Customers experiencing this issue should upgrade to the latest release of this product. Reference: SD017068

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.